
It’s Ok, I’m verified; libssh flaw allows attacker to bypass server authentication

A vulnerability in the libssh platform could allow an attacker to bypass authentication and gain full control over vulnerable servers.

The vulnerability allows an attacker to tell the targeted system that authentication is complete, rather than the other way around, and the server accepts the message without validating it.

As a result of the flaw, an attacker could authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, according to an Oct. 16 security advisory.
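A simplified model of the message-handling flaw described above, added here as an illustration. It is not libssh's code: the session struct, function names and credentials are hypothetical, and only the message numbers (from RFC 4252) are real.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Message numbers from RFC 4252. */
#define SSH2_MSG_USERAUTH_REQUEST 50
#define SSH2_MSG_USERAUTH_SUCCESS 52

/* Hypothetical toy session; not libssh's real structure. */
struct session { bool is_server; bool authenticated; };

/* Constructed credential check standing in for real verification. */
static bool credentials_ok(const char *user, const char *secret) {
    return strcmp(user, "alice") == 0 && strcmp(secret, "correct-horse") == 0;
}

/* Flawed: one handler table for both roles, so a server honours a
   SUCCESS message sent by the peer instead of deciding it itself. */
int dispatch_flawed(struct session *s, uint8_t type,
                    const char *user, const char *secret) {
    switch (type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        s->authenticated = credentials_ok(user, secret);
        return 0;
    case SSH2_MSG_USERAUTH_SUCCESS:   /* only valid when we are the client */
        s->authenticated = true;
        return 0;
    default:
        return -1;
    }
}

/* Hardened: in server mode SUCCESS is something we send, never receive.
   Treat it as a protocol error and leave the session unauthenticated. */
int dispatch_hardened(struct session *s, uint8_t type,
                      const char *user, const char *secret) {
    if (s->is_server && type == SSH2_MSG_USERAUTH_SUCCESS) {
        s->authenticated = false;
        return -1;                    /* caller should drop the connection */
    }
    return dispatch_flawed(s, type, user, secret);
}

int main(void) {
    struct session a = { true, false }, b = { true, false };
    dispatch_flawed(&a, SSH2_MSG_USERAUTH_SUCCESS, NULL, NULL);
    dispatch_hardened(&b, SSH2_MSG_USERAUTH_SUCCESS, NULL, NULL);
    printf("flawed: %d, hardened: %d\n", a.authenticated, b.authenticated);
    return 0;
}
```

The role check is the whole point: the same message is legitimate on a client and must be rejected on a server, which matches the article's note that only server mode is affected.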

Tenable researchers found nearly 2000 devices running libssh versions 0.6. Although the full scope of the issue is unclear, libssh also reportedly needs to be run in server mode, not client mode, which may limit the impact of this vulnerability, the researchers said.

The vulnerability has been addressed in libssh versions 0.8.4 and 0.7.6 and users are advised to update their systems as soon as their server distributions release patches.
